Firefox 130.0.1 advisories

mozilla · Sep 17, 2024 · b8ceb78 · b8ceb78
1 parent 5f32fc6
commit b8ceb78
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/announce/2024/mfsa2024-45.yml b/announce/2024/mfsa2024-45.yml
@@ -0,0 +1,15 @@
+## mfsa2024-45.yml
+announced: September 17, 2024
+impact: high
+fixed_in:
+- Firefox for Android 130.0.1
+title: Security Vulnerabilities fixed in Firefox for Android 130.0.1
+advisories:
+  CVE-2024-8897:
+    title: Address bar spoofing after server-side redirect
+    impact: high
+    reporter: Thomas Orlita
+    description: |
+      Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site.<br>*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*
+    bugs:
+      - url: 1862537